Malware Is South America's New Growth Industry

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

Malware syndicates in China have been implicated in a number of recent high-profile, targeted cyber attacks against American companies and organizations, but the latest data from security software vendor Zscaler indicates a new and equally dangerous threat is emerging in South and Central America.

In its first-quarter "State of the Web" report, Sunnyvale, Calif.-based Zscaler aimed to provide some meaningful analysis and context for enterprises struggling to safeguard their data networks from organized groups of hackers and phishers who are exploiting both lax local enforcement and a laissez-faire attitude by international hosting companies to steal identities, assets and intellectual property.

To no one's surprise, the Zscaler report pegs the U.S. as the leading source of malicious traffic including botnets, worms and aggravating SQL-injection attacks. Of course, that's to be expected because the U.S. is also the runaway leader in generating and serving up Internet traffic of all types.

What's interesting is that when Zscaler analyzed each country based on the largest percentage of malicious versus benign servers, seven of the top 10 countries with high saturations of malware-distributing servers were South and Central American nations.

Honduras checked in with a ratio of 7.5 percent, good enough (or bad enough, depending on how you view it) for second in the world behind only the Cayman Islands (10.2 percent).

The rest of the Malware Top 10 included Bolivia (6.25 percent); Peru (6.11 percent); Argentina (6 percent); Paraguay (5.13 percent); Ecuador (5.05 percent); Columbia (4.54 percent); Luxembourg (4.47 percent) and Turkey (3.94 percent).

Meanwhile, China checked in at just 2.96 percent, meaning that the concentration of malicious servers in countries like Honduras, Bolivia, Peru and Argentina is at least double that of those servers based in China.

"While the U.S. and China may have a large number of Web servers used to host malicious content, they have a much larger percentage of servers that host benign content when compared to other countries," Mike Geide, co-author of the report and a senior security analyst at Zscaler, told InternetNews.com.

"Many of the countries noted are emerging markets, and with economic growth comes an increase in technology," he added. "The security of this technology is often an after-thought or maybe a skill that has yet to be developed within these countries."

Another troubling issue to emerge from the study is the fact that Microsoft's Internet Explorer 6, bugs and all, is still the de facto enterprise browser for more than 25 percent of Zscaler's customers.

Despite the devastating consequences of Operation Aurora, a zero-day vulnerability that left corporate networks naked and vulnerable for almost three weeks earlier this year, companies are still reluctant to upgrade to IE8 despite Microsoft's own efforts to persuade customers to install more recent, and more secure, versions of its browser.

The report also noted a significant spike in botnet activity, bogus antivirus software scams and blackhat search engine optimization (SEO) schemes.

"As we have seen in the past, attackers are not resting on their laurels," the report said. They continue to innovate and target each and every opportunity that comes their way."

"At the same time, the malicious infrastructures that they’ve created continue to thrive, requiring only regular maintenance and periodic updates to deliver impressive value to their owners," it concluded.

Larry Barrett is a senior editor at InternetNews.com, the news service of Internet.com, the network for technology professionals.